bro at pingtrip.com
Sat Jan 28 11:53:45 PST 2017
Interestingly your test script works as expected when run as:
But if I pass it a PCAP it exhibits the same condition where the when loop isn’t entered:
bro -r test.pcap b.bro
This is the test PCAP I was testing with:
> On Jan 28, 2017, at 2:39 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
>> On Jan 28, 2017, at 2:32 PM, Dave Crawford <bro at pingtrip.com> wrote:
>> Hi Justin,
>> I responded with a follow-up to my original email and temp files are there because I have ‘exit_only_after_terminate’ set to true, so it pauses until I ctrl-c and the tmp files are then deleted.
> No, the files are there because something went wrong along the way. Is bro writing out a reporter.log?
> The code normally works fine, something is broken in your environment.
> $ cat b.bro
> redef exit_only_after_terminate=T;
> when ( local resp = ActiveHTTP::request([$url="https://www.google.com/"]) )
> print resp;
> $ bro --version
> bro version 2.5
> $ bro b.bro
> [code=200, msg=OK\x0d, body=<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en">
> - Justin Azoff
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro